New research has found that it doesn’t matter what you do to burst out of Google’s search filter bubble: you can log out of Google, then enter private browsing mode, but those precautions won’t render your search anonymous. Google’s search engine will still tailor results to the personal information the company has on you, including search, browsing and purchase history.
Granted, the research comes from search competitor DuckDuckGo, which draws search results from third-party sites such as Bing, Yahoo and Yandex without tracking you. The research is still eye-opening, though, in spite of DuckDuckGo being a competitor.
In order to test whether a search engine is really profiling you or not, it helps to keep in mind that a search engine that doesn’t profile users should show all users who search at the same time the same search results for a given search term, without tweaking the results based on things like an individual’s previous search history.
Google has claimed to have taken steps to reduce the filter bubble problem – a problem that’s been implicated in influencing US presidential election outcomes both in 2016 and in the 2012 Romney-Obama bout. The thinking is that profiling search users and feeding them tailored search results essentially surrounds them with a walled garden of information they already agree with, thereby silencing new information or differing opinions.
But in spite of Google’s steps to pop the bubble, it’s still showing users nonidentical search results even when they’re in private browsing mode, signed out of Google services.
DuckDuckGo studied a group of individuals who entered identical search terms at the same time. What it found:
- Most participants saw results unique to them. These discrepancies could not be explained by changes in location, time, by being logged in to Google, or by Google testing algorithm changes to a small subset of users.
- On the first page of search results, Google included links for some participants that it did not include for others, even when logged out and in private browsing mode.
- Results within the news and videos infoboxes also varied significantly. Even though people searched at the same time, people were shown different sources, even after accounting for location.
- Private browsing mode and being logged out of Google offered very little filter bubble protection. These tactics simply do not provide the anonymity most people expect.
The methodology: DuckDuckGo asked volunteers in the US to search for the terms “gun control”, “immigration”, and “vaccinations” (in that order) at the same time on 24 June. First, they searched in private browsing mode, while logged out of Google. Then, they repeated the searches in normal, non-private mode. Then, DuckDuckGo restricted results analysis to top-level domains. For example,
www.cdc.gov/vaccines/adults would both be treated as just
The results: some volunteers saw domains that nobody else did. The domains weren’t ordered consistently, either: in fact, the 19 domains returned for the “gun control” search were ordered in 31 different ways. Order of results is a significant factor, given the rapid fall-off of click-throughs corresponding to the order of links: link #1 gets ~40% of clicks, link #2 ~20%, link #3 ~10%, etc.
Given that the volunteers all searched at the same time, the variations aren’t attributable to people searching at different times and seeing different, time-shifting news results. Nor should the volunteers’ locations matter, given that DuckDuckGo changed all local links to be the same.
It didn’t matter whether volunteers were logged out of Google and in private browsing mode: the variations were about the same as in normal search mode.
It is, in fact, a misconception that “going incognito” provides anonymity, DuckDuckGo notes, given that websites use IP addresses and browser fingerprinting to identify people regardless of those steps. And as we’ve noted before, browsers have to temporarily store data from main memory in secondary processor caches and swap files squirrelled away in corners of the hard drives and OS-managed DNS caches, which is a lot to keep track of and means that forensics tools can often find wisps of data if they know where to look.
If you want to dig down into the data further, DuckDuckGo has made it available in two parts: Basic non-identifiable participant data, and raw data from the search results.
- duckduckgo-filter-bubble-study-2018_participants.xls contains the instructions DuckDuckGo sent to each participant, as well as their basic anonymized data.
- duckduckgo-filter-bubble-study-2018_raw-search-results.xls contains a separate sheet for search results per query and per mode (private and non-private). The results are listed as they appeared on the screen for each participant, showing both organic domains and infoboxes such as Top Stories (news), Videos, etc.
The code that DuckDuckGo wrote to analyze the data is open source and available on its GitHub repository.
If you want to read up on more options for bursting the filter bubble, you might want to take a look at this write-up we did last year about a self-hosted search option called Searx: an engine that submits searches without cookies or identifying information, meaning that the engines – including Google – don’t know anything about who’s searching.
As Naked Security’s Danny Bradbury notes in that article, there are multiple alternatives to Google: besides DuckDuckGo or Searx, there’s also Startpage, which also serves as something of a proxy for Google, in addition to Disconnect, which offers private search as part of its broader privacy protection and tracker blocking service.
Readers, what are you searching with, and how do you like it? Let us know in the comments below.
Update. A Google spokesperson contacted us to say, “This study’s methodology and conclusions are flawed since they are based on the assumption that any difference in search results are based on personalization. That is simply not true. In fact, there are a number of factors that can lead to slight differences, including time and location, which this study doesn’t appear to have controlled for effectively.” [Added 2018-12-06T23:10Z]
15 comments on “Google’s private browsing doesn’t keep your searches anonymous”
DuckDuckGo 99% of the time. I did a comparison a few years back when I first discovered DuckDuckGo and their search results were more pertinent so I stuck with them. Always change default settings of a browser to DuckDuckGo on any device. And I LOVE their “bang” functionality (!nakedsec) to quickly access some websites.
To be complete, browserwise I’m almost always in “private” mode (and clean everything when the app is closed) and minimum cookies. When on a Windows device I use: IE, Edge, SeaMonkey (Mozilla-Style), Firefox, Vivaldi (Chromium) … and Chrome if I really have no other choice. When on a Mac: Safari, SeaMonkey, Firefox and Vivaldi.
I usually use multiple browsers so that I can isolate the “search” browsers from the “login” browsers (sometimes several browsers to manage different accounts that would otherwise clash with one another).
StartPage every time baby!
I use Google for my professional searches. I have tried switching to DDG and Qwant but these search engines do not provide the same quality of results. Google simply has the best algorithm.
For private browsing, I use DDG.
Herein lies the problem: Google has by far the biggest part of the market, which means they can hire and retain the best developers, hence rapidly and efficiently improve the quality of their product, hence increase their market share, etc.
To annoy Google’s algorithm and retain an illusion of being partially incognito while surfing, one can use some flavour of Firefox with the TrackMeNot extension, which sends randomized queries to Google (and other search engines) in the background.
It may be even worse that this. A few weeks ago, I searched for a domain in my browser’s address bar. It was a domain that I planned on buying, to build a platform for a book I’m writing. The “search” was performed by Google due to it being my default search provider for Internet Explorer. The domain did not already exist/was available. I did not perform the search anywhere else.
The very next day, I searched via a different search engine. Lo and behold, the domain was now taken, and it was being offered to me for ~$3000.
I blame Google.
If you found that “the domain was available”, it’s reasonable to assume you visited some name registrar – directly or indirectly – in order to get as far as seeing a message of that sort…
Tempting as it is to blame Google, you need more evidence than you have presented here to make your claim believable. (A whois lookup will show you when the domain was registered, and at least vaguely by whom, and without at least that information, you can’t actually say whether the domain was still unregistered when you first looked.)
5 years ago I had the same issue. I had one domain I wanted, googled it, it wasn’t taken. The next day I went to register it and 3 others,, it was taken, I did get the others. My friend that is a developer asked if I had search for it… He said never ever search for a domain you want, just try and go to, with Search From Address Bar disabled.
It’s easy to test this; I just put notagoogleownedaddress.com in the web browser, page can’t be displayed. Did a google search on it, nothing. Now to wait 24 hours.
I tried using DuckDuckGo when I was writing yesterday, but I got hung up on one thing (maybe it’s a tweakable thing, but I didn’t have the time to futz around with its settings)—namely, it only lets you select date-specific search results down to the month, or week, or day, or whatever, which isn’t relevant to all my searches, given that I like to see Naked Security coverage on a given topic that dates to a far more specific range: as in, what did we write about regarding Facebook’s moves to do XYZ during 2014/2015?
I slunk back to Google search and its very useful feature of picking a very specific date range for search results. I’m willing to entertain other options, though, so if anybody knows which privacy-oriented search option has granular date selection, please do let me know what it is!
The only way I’ve worked around DDG’s junky timeframe thing a little bit works only with sites that use Clean URL (worth looking up on wikipedia to see what I’m talking about.) You’ll see it with some news sites that they may have not only a cryptic url but also a friendlier one that you see. Sometimes it may also be called canonical url or user friendly url. Anyways, most search engines will have a command to also limit your search to certain websites (site:somesite.com) or limit it to url’s where certain words are in the url (inurl:blah).
So, if I wanted to look up something about apples in 2012 I would search for apples inurl:2012. and you might find results that look like cnn.com/2012/11/04/apples-in-demand-during-fall-season
It’s cludgy but it’s something.
Thanks, jwms! I frequently use the “sites:” search term, but I never knew about the “inurl:” until now. Great to know!
I may be wrong here, and please correct me if I am, as far as I have been told “Incognito Mode” does nothing to ensure either privacy or anonymity.
It is simply a regular browser mode which does not store search history, cookies or cache after the browser is closed.
For ***truer*** privacy, perhaps Tails on a USB or re-writable DVD and Tor Browser with DDG, Startpage or one of the other non-tracking search engines mentioned in the above article would be more useful.
Something to mention however is that if you are hitting one of the main search engines they may recognize you as some kind of ‘bot’ and deny access…
Anything that reduces the amount of “this browser did that last time it was here” can improve privacy, including so-called Incognito Mode or Private Browsing.
OTOH, just going through the liturgical process of “using Tails + Tor + Startpage” guarantees neither privacy nor anonymity. Tor has a decent overview of why just using Tor isn’t enough on its own. Check the Tor FAQ list for advice. (In the Tor Project’s own words: Q. So I’m totally anonymous if I use Tor? A. No.)
Been using DuckDuckGo for a few years now, and don’t miss Google at all. Any time I’ve had trouble finding what I want and tried the same search terms on Google, the results have not been any better.
It really depends on how much effort you want to take to keep your online activities as private as possible.
1. Use more than one browser. For example I have one browser that I only use for what little social media activity I have. Plus another for just my financial activities. I split my activities between five different browsers.
2. Move past just using browser add-ons for tracking. There are also several that modify and make it difficult to fingerprint your browser and computer.
3. Use a VPN. Besides keeping your ISP out of the loop it also makes it hard for sites to track you via IP if you are sharing the same IP pool as thousands of other users.
4. Use a second computer. I have an old Acer Chromebook that I converted over to Linux that I use just for searches that I do not want anywhere close to be connected to me. Think “I would really like to keep private medical searches” and similar subjects. . On that note stay away from the webmd website unless you are OK with pretty much the whole world knowing what you are researching. There is a huge number of trackers on that site and they sell your search info to pretty much everyone they can.
Their sample size was small, and they lacked any valid control group. I’d like to see someone with the resources (Sophos, maybe? You probably have them) to run a control group.
Control group would be, say, 10 virtual machines at each Azure or Amazon data center, with a clean install of Chrome. Using an automated tool, all of them run the query – and then feed that through the process. Since Google has not seen these devices, any churn in the Search Engine Results Page (SERP) is natural churn of whatever Google process. Run this analysis, from the study, against that data set to establish a baseline.
Now, repeat their basic experiment, with a bunch of Internet volunteers in as controlled a manner as possible (e.g. use automation to make sure they all kick off at the same time, go through the steps consistently, collect the data consistently), then compare that to the baseline.
You’d need way more than 87 samples unless the signal is exceptionally strong.
But the baseline would at least let you know if the original hypothesis as proposed is even valid, that two users performing the same query at the same time get the same results.
I’d repeat that with DDG, to establish there is less churn than the baseline or no churn with DDG. My expectation is there would be SERP churn there, as well, doing the experiment.
First rule of buying a domain name, NEVER EVER search for it. It is known that there are companies out there use data monitoring to look for domain names that people had search for. Registrars in fact use those data to price their domain as well.
Use a reputable domain registrar such as Hover.com as you look for available domain names. Also, don’t forget to buy the easily misspell names too. (Whitehouse.gov and Whitehouse.com is VERY different site)
If the domain name was offer to you at ~$3000, that’s mean it is highly search after domain name. The domain “did not already exist/was available” could means a lot of thing without more detail info.